It's safe to say that 2017 has been an eventful year in the cyber security industry. As well as a steadily growing number of breaches across a multitude of organizations and industries, there have been some pivotal moments that have had a significant impact on the cyber security industry as a whole. We've looked back over the last 12 months and have chosen the top 5 events that have shaped the industry.
Many organizations have gone out and bought SIEM appliances, which are either run in-house or outsourced to an external security operations center. We have highlighted the top five areas for organizations to review when they deploy SIEM technology or make use of a security operations center function. This guide is designed to help improve SIEM coverage and give the organization confidence that it is getting the most from its security operations center providers.
There has been a theme for a while that divides security operations centers into two categories of operation: reactive capability, where the SOC purely reacts, and proactive capability, where the SOC takes a proactive approach to identifying threats. Nettitude's SOC harnesses both reactive and proactive approaches; it also builds upon them by leveraging machine learning to provide predictive capability.
As organizations become more dependent upon increasing amounts of data, many companies are hiring Chief Information Security Officers (CISOs) to take on the responsibility of managing information security programs.
Many organizations will be familiar with the Verizon Data Breach Investigations Report (DBIR) that is issued each year. A recurring theme within the report each year is the average amount of time it takes an organization to identify an attack (or data breach) from the initial point at which the intruder gained access to the network. This is often referred to as the dwell time.
The initial time that it takes to compromise an asset is usually measured in seconds. For spear phishing, this effectively means that a user will decide whether or not to click a link in an e-mail within a few seconds of reading it.
The amount of time it typically takes for data to be exfiltrated after an initial incident is measured in days. This means that after the initial compromise, an attacker will be resident within the network for a number of days before attempting to exfiltrate data.
Every organization that either builds a security operations center or subscribes to the services of a managed security services provider (MSSP) hopes that the SOC is able to prevent, detect and respond to cyber-related attacks. However, there is a huge amount of variability in SOC services, and it is very common for organizations to build or leverage SOC services that are mismatched to the threats they face.
A cyber breach is probably one of the most disturbing events that a CISO could encounter. Nettitude has worked with many organizations that have experienced cyber incidents, and provides consulting guidance to organizations to mitigate the threat from cybercrime. Here are our top five things that successful CISOs do to mitigate the risk of a cyber breach.
We frequently get contacted by organizations after they have experienced a data breach. All too often the incident comes as a complete shock, and the only reason they find out is that they are contacted by a third party. We have compiled our top 5 reasons why organizations don't detect a cyber breach.
This may seem like a strange article for Nettitude to publish, given that we are an award-winning cyber security company focusing on penetration testing. We absolutely believe that penetration testing does have value when implemented and oriented properly. However, we frequently see organizations that have been executing penetration testing programs that have really missed the mark. This article discusses the top five failings of pen testing programs we have seen executed across industry.
For far too long, penetration testing has been focused on delivering assurance on organizations' defensive capabilities. Organizations have initiated penetration testing exercises against internal and external network segments, and against applications and databases, and in almost all instances the focus has been to identify vulnerabilities in defenses that can be exploited. Pen testers would assess the firewall build and identify weaknesses in its configuration. They would also assess web applications and identify vulnerable code and configuration. Pen testers assess databases, network shares and other security devices in the hope of identifying vulnerabilities that could be leveraged by an attacker.